Hackers exploit zero-day vulnerability to steal crypto from Bitcoin ATMs

Hackers have exploited a zero-day vulnerability in General Byte Bitcoin ATM to steal cryptocurrencies from users. The zero-day flaw exploited by the attacker was found in company’s Crypto Application Server (CAS).

According to General Byte, the attackers scanned the internet for exposed servers running on TCP ports 7777 or 443, including servers hosted by Digital Ocean and General Byte’s cloud service.

They were then able to exploit the bug by adding a default admin user named ‘gb’ to the CAS. They modified the crypto settings “buy” and “sell” and the “invalid payment address” to use a cryptocurrency wallet under the hacker’s control.

After changing the settings above, any cryptocurrency received by CAS was instead forwarded to the hackers.

General Byte has advised customers not to operate their Bitcoin ATMs until they have two server patch releases, 20220531.38 and 20220725.22, installed on their servers.

In addition, it is important to configure firewalls only to allow access to the Crypto Application Server from a tested IP address, such as addresses indicating the location of the ATM or the customer office.

Investigations from BinaryEdge shows that there are still 18 General Bytes Crypto Application Servers still vulnerable on the internet with most coming from Canada.

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web